ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Basic Virtual Private Networking

5-13

v1.0, September 2007

c.

In the Authentication Method menu, select Pre-Shared key.

d.

In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.

e.

In the Hash Alg menu, select SHA-1.

f.

In the SA Life menu, select Unspecified.

g.

In the Key Group menu, select Diffie-Hellman Group 2.

7.

Configure the VPN Client Key Exchange Proposal. Provide the type of encryption (DES or

3DES) to be used for this connection. This selection must match your selection in the FVG318

configuration.

a.

Expand the Key Exchange subheading by double clicking its name or clicking on the “+”

symbol. Then select Proposal 1 below Key Exchange.

b.

In the SA Life menu, select Unspecified.

c.

In the Compression menu, select None.

d.

Check the Encapsulation Protocol (ESP) check box.

e.

In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.

f.

In the Hash Alg menu, select SHA-1.

g.

In the Encapsulation menu, select Tunnel.

h.

Leave the Authentication Protocol (AH) check box unchecked.

Figure 5-12

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

5-14

Basic Virtual Private Networking

v1.0, September 2007

8.

Save the VPN Client Settings. From the File menu at the top of the Security Policy Editor

window, click

Save

.

After you have configured and saved the VPN client information, your PC will automatically open

the VPN connection when you attempt to access any IP addresses in the range of the remote VPN

firewall’s LAN.

To check the VPN connection.

Initiate a request from the remote PC to the FVG318’s network by using the “Connect” option in

the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the

attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must

initiate the request.

To perform a ping test using our example, start from the remote PC:

1.

Establish an Internet connection from the PC.

2.

On the Windows tasteable, click the

Start

button, and then click

Run

.

3.

Type

ping -t 192.168.3.1

, and then click

OK

.

Figure 5-13

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Basic Virtual Private Networking

5-15

v1.0, September 2007

This will cause a continuous ping to be sent to the first FVG318. After between several

seconds and two minutes, the ping response should change from “timed out” to “reply”, as

shown below.

Once the connection is established, you can open the browser of the PC and enter the LAN IP

address of the remote FVG318. After a short wait, you should see the login screen of the VPN

Firewall Router (unless another PC already has the FVG318 management interface open).

Monitoring the Progress and Status of the VPN Client Connection

Information on the progress and status of the VPN client connection can be viewed by opening the

NETGEAR ProSafe Log Viewer.

To launch this function:

1.

Click the Window

s Start

button, and select

Programs > NETGEAR ProSafe VPN Client >

Log Viewer

. The Log Viewer screen for a similar successful connection is shown below:

Figure 5-14

Figure 5-15

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

5-16

Basic Virtual Private Networking

v1.0, September 2007

2.

The Connection Monitor screen for a similar connection is shown below:

In this example you can see the following:

•

The FVG318 has a public IP WAN address of 22.23.24.25.

•

The FVG318 has a LAN IP address of 192.168.3.1.

•

The VPN client PC has a dynamically assigned address of 192.168.2.2.

While the connection is being established, the Connection Name field in this menu will say “SA”

before the name of the connection. When the connection is successful, the “SA” will change to the

yellow key symbol shown in the illustration above.

Figure 5-16

Note:

Use the active VPN tunnel information and pings to determine whether a failed

connection is due to the VPN tunnel or some reason outside the VPN tunnel.

Figure 5-17

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Basic Virtual Private Networking

5-17

v1.0, September 2007

Transferring a Security Policy to Another Client

This section explains how to export and import a security policy as an

.spd

file so that an existing

NETGEAR ProSafe VPN Client configuration can be copied to other PCs running the NETGEAR

ProSafe VPN Client.

The following procedure (

Figure 5-18

) enables you to export a security policy as an

.spd

file.

To export a security policy:

1.

Select

Export Security Policy

from the

File

pull-down menu.

2.

Once you decide the name of the file and directory where you want to store the client policy,

click

Export.

In this example, the exported policy is named

policy.spd

and is being stored on the C drive.

Note:

While your PC is connected to a remote LAN through a VPN, you might not have

normal Internet access. If this is the case, you will need to close the VPN

connection in order to have normal Internet access.

Figure 5-18

Figure 5-19